Help with svchost.exe(Trojan.Agent) and (Trojan.Dropper.BCMiner)

reloader-1

I'm normally somewhat decent at keeping my systems clean but this infection has me worried, as I am about to head off to school in Europe on Sunday and I want my system ready to go. Any help is very much appreciated!

-----------------------------------------

Malwarebytes Log:

-----------------------------------------

Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.30.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
:: VOSTRO3350 [administrator]

Protection: Enabled

7/30/2012 12:55:51 PM
mbam-log-2012-07-30 (12-55-51).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 190386
Time elapsed: 37 second(s)

Memory Processes Detected: 1
C:\Windows\svchost.exe (Trojan.Agent) -> 4044 -> Delete on reboot.

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 2
C:\Windows\Installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Quarantined and deleted successfully.
C:\Windows\svchost.exe (Trojan.Agent) -> Delete on reboot.

(end)

--------------------------------------

GMER Log:

--------------------------------------

GMER 1.0.15.15641 - http://www.gmer.net
Rootkit scan 2012-07-31 13:31:44
Windows 6.1.7601 Service Pack 1
Running: xsy9l5iy.exe


---- Registry - GMER 1.0.15 ----

Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ac7289d08891
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ac7289d08891 (not active ControlSet)

---- Files - GMER 1.0.15 ----

File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\6YO7X987.txt 723 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\2QKHIXE9.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\3GNJX6XT.txt 126 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\VF9LQVPU.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\9B3TB5HV.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\R1925ESG.txt 4233 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\LE8NMR2U.txt 3132 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\1DRFC8D9.txt 115 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\MOXSILWE.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\FABOBGR7.txt 543 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\QAUFSG11.txt 7504 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\5DO1BJ6O.txt 872 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7RK9NNXK.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7TE7SO3P.txt 7751 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\7WYFGH2C.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\P4443JL5.txt 1679 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\DGFAH8L0.txt 88 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\JUJQQWDH.txt 0 bytes
File C:\Windows\SysWOW64\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\W2614BIT.txt 0 bytes

---- EOF - GMER 1.0.15 ----

---------------------------------------------

DDS Log

---------------------------------------------

.
DDS (Ver_2011-08-26.01) - NTFSAMD64
Internet Explorer: 8.0.7601.17514 BrowserJavaVersion: 1.6.0_31
Run by X at 13:32:28 on 2012-07-31
Microsoft Windows 7 Professional 6.1.7601.1.1252.1.1033.18.6051.3015 [GMT -4:00]
.
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Program Files\IDT\WDM\STacSV64.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\vcsFPService.exe
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\WLANExt.exe
C:\Windows\system32\conhost.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Windows\System32\igfxtray.exe
C:\Windows\System32\hkcmd.exe
C:\Windows\System32\igfxpers.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Program Files (x86)\STMicroelectronics\AccelerometerP11\FF_Protection.exe
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Intel\WiFi\bin\EvtEng.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\system32\svchost.exe -k bthsvcs
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\wbem\unsecapp.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
-netsvcs
C:\Windows\system32\conhost.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_268.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\system32\DllHost.exe
C:\Windows\SysWOW64\cmd.exe
C:\Windows\system32\conhost.exe
C:\Windows\SysWOW64\cscript.exe
C:\Windows\system32\wbem\wmiprvse.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
uDefault_Page_URL = hxxp://www.dell.com
mStart Page = hxxp://www.google.com
uInternet Settings,ProxyOverride = *.local
uURLSearchHooks: H - No File
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO: Java(tm) Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
mPolicies-explorer: NoActiveDesktop = 1 (0x1)
mPolicies-explorer: NoActiveDesktopChanges = 1 (0x1)
mPolicies-system: ConsentPromptBehaviorAdmin = 5 (0x5)
mPolicies-system: ConsentPromptBehaviorUser = 3 (0x3)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Free YouTube to MP3 Converter - C:\Users\X\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {C1F8FC10-E5DB-4112-9DBF-6C3FF728D4E3} - hxxp://support.dell.com/systemprofiler/DellSystemLite.CAB
DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab
DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} - hxxps://juniper.net/dana-cached/sc/JuniperSetupClient.cab
TCP: DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{51623F26-BA2D-4270-B19A-8EAB9CA5D485} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
TCP: Interfaces\{F538A39B-9083-416D-88DE-D13D59653482} : DhcpNameServer = 192.168.2.1 75.75.75.75 75.75.76.76
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO-X64: AcroIEHelperStub - No File
BHO-X64: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
BHO-X64: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll
BHO-X64: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
mRun-x64: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun-x64: [GrooveMonitor] "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe"
mRun-x64: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
mRun-x64: [Malwarebytes' Anti-Malware] "C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" /starttray
SEH-X64: Groove GFS Stub Execution Hook: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\uzx6ntby.default\
FF - prefs.js: browser.startup.homepage - www.google.com
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npdeployJava1.dll
FF - plugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: C:\Program Files (x86)\Mozilla Firefox\plugins\npMozCouponPrinter.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_268.dll
.
============= SERVICES / DRIVERS ===============
.
R0 stdcfltn;Disk Class Filter Driver for Accelerometer;C:\Windows\system32\DRIVERS\stdcfltn.sys --> C:\Windows\system32\DRIVERS\stdcfltn.sys [?]
R1 NEOFLTR_720_20645;Juniper Networks TDI Filter Driver (NEOFLTR_720_20645);\??\C:\Windows\system32\Drivers\NEOFLTR_720_20645.SYS --> C:\Windows\system32\Drivers\NEOFLTR_720_20645.SYS [?]
R1 vwififlt;Virtual WiFi Filter Driver;C:\Windows\system32\DRIVERS\vwififlt.sys --> C:\Windows\system32\DRIVERS\vwififlt.sys [?]
R2 AdobeARMservice;Adobe Acrobat Update Service;C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-1-3 63928]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2011-12-2 89600]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-4-25 655944]
R2 RosettaStoneDaemon;RosettaStoneDaemon;C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe [2011-4-15 1646056]
R2 TurboB;Turbo Boost UI Monitor driver;C:\Windows\system32\DRIVERS\TurboB.sys --> C:\Windows\system32\DRIVERS\TurboB.sys [?]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-12-2 2655768]
R2 vcsFPService;Validity VCS Fingerprint Service;C:\Windows\System32\vcsFPService.exe [2010-12-3 2696496]
R3 Acceler;Accelerometer Service;C:\Windows\system32\DRIVERS\Accelern.sys --> C:\Windows\system32\DRIVERS\Accelern.sys [?]
R3 IntcDAud;Intel(R) Display Audio;C:\Windows\system32\DRIVERS\IntcDAud.sys --> C:\Windows\system32\DRIVERS\IntcDAud.sys [?]
R3 MBAMProtector;MBAMProtector;\??\C:\Windows\system32\drivers\mbam.sys --> C:\Windows\system32\drivers\mbam.sys [?]
R3 MEIx64;Intel(R) Management Engine Interface;C:\Windows\system32\DRIVERS\HECIx64.sys --> C:\Windows\system32\DRIVERS\HECIx64.sys [?]
R3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;C:\Windows\system32\DRIVERS\NETwNs64.sys --> C:\Windows\system32\DRIVERS\NETwNs64.sys [?]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys --> C:\Windows\system32\DRIVERS\nusb3hub.sys [?]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys --> C:\Windows\system32\DRIVERS\nusb3xhc.sys [?]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys --> C:\Windows\system32\DRIVERS\Rt64win7.sys [?]
R3 vwifimp;Microsoft Virtual WiFi Miniport Service;C:\Windows\system32\DRIVERS\vwifimp.sys --> C:\Windows\system32\DRIVERS\vwifimp.sys [?]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 gupdate;Google Update Service (gupdate);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-15 136176]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-7-3 160944]
S3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-4-17 250056]
S3 dmvsc;dmvsc;C:\Windows\system32\drivers\dmvsc.sys --> C:\Windows\system32\drivers\dmvsc.sys [?]
S3 gupdatem;Google Update Service (gupdatem);C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2012-1-15 136176]
S3 MozillaMaintenance;Mozilla Maintenance Service;C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-5-5 113120]
S3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [2010-12-17 340240]
S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\system32\Drivers\RtsUStor.sys --> C:\Windows\system32\Drivers\RtsUStor.sys [?]
S3 StorSvc;Storage Service;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-13 20992]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys --> C:\Windows\system32\drivers\tsusbflt.sys [?]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\system32\drivers\TsUsbGD.sys --> C:\Windows\system32\drivers\TsUsbGD.sys [?]
S3 TurboBoost;Intel(R) Turbo Boost Technology Monitor 2.0;C:\Program Files\Intel\TurboBoost\TurboBoost.exe [2010-11-29 149504]
S3 WatAdminSvc;Windows Activation Technologies Service;C:\Windows\system32\Wat\WatAdminSvc.exe --> C:\Windows\system32\Wat\WatAdminSvc.exe [?]
.
=============== Created Last 30 ================
.
2012-07-31 00:58:46 20480 ----a-w- C:\Windows\svchost.exe
2012-07-30 17:04:35 98816 ----a-w- C:\Windows\sed.exe
2012-07-30 17:04:35 518144 ----a-w- C:\Windows\SWREG.exe
2012-07-30 17:04:35 256000 ----a-w- C:\Windows\PEV.exe
2012-07-30 17:04:35 208896 ----a-w- C:\Windows\MBR.exe
2012-07-30 17:04:33 -------- d-s---w- C:\ComboFix
2012-07-30 15:51:24 -------- d-sh--w- C:\Windows\SysWow64\%APPDATA%
2012-07-30 02:07:13 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\997D.tmp
2012-07-30 02:07:13 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\997C.tmp
2012-07-27 16:02:43 9133488 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{16FBCE7C-08BB-4482-86A7-40BE8B4E8886}\mpengine.dll
2012-07-25 04:32:31 5120 ----a-w- C:\ProgramData\Microsoft\Windows\DRM\142B.tmp
2012-07-13 15:14:25 3148800 ----a-w- C:\Windows\System32\win32k.sys
.
==================== Find3M ====================
.
2012-07-30 16:04:07 70344 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-30 16:04:07 426184 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-07-03 17:46:44 24904 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-06-06 06:06:16 2004480 ----a-w- C:\Windows\System32\msxml6.dll
2012-06-06 06:06:16 1881600 ----a-w- C:\Windows\System32\msxml3.dll
2012-06-06 06:02:54 1133568 ----a-w- C:\Windows\System32\cdosys.dll
2012-06-06 05:05:52 1390080 ----a-w- C:\Windows\SysWow64\msxml6.dll
2012-06-06 05:05:52 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll
2012-06-06 05:03:06 805376 ----a-w- C:\Windows\SysWow64\cdosys.dll
2012-06-02 22:15:31 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-06-02 22:15:08 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-06-02 19:19:42 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-06-02 19:15:12 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-06-02 05:50:10 458704 ----a-w- C:\Windows\System32\drivers\cng.sys
2012-06-02 05:48:16 95600 ----a-w- C:\Windows\System32\drivers\ksecdd.sys
2012-06-02 05:48:16 151920 ----a-w- C:\Windows\System32\drivers\ksecpkg.sys
2012-06-02 05:45:31 340992 ----a-w- C:\Windows\System32\schannel.dll
2012-06-02 05:44:21 307200 ----a-w- C:\Windows\System32\ncrypt.dll
2012-06-02 04:40:42 22016 ----a-w- C:\Windows\SysWow64\secur32.dll
2012-06-02 04:40:39 225280 ----a-w- C:\Windows\SysWow64\schannel.dll
2012-06-02 04:39:10 219136 ----a-w- C:\Windows\SysWow64\ncrypt.dll
2012-06-02 04:34:09 96768 ----a-w- C:\Windows\SysWow64\sspicli.dll
2012-05-31 16:25:12 279656 ------w- C:\Windows\System32\MpSigStub.exe
2012-05-15 04:01:31 1188864 ----a-w- C:\Windows\System32\wininet.dll
2012-05-15 03:03:54 981504 ----a-w- C:\Windows\SysWow64\wininet.dll
2012-05-04 11:06:22 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-05-04 10:03:53 3968368 ----a-w- C:\Windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03:50 3913072 ----a-w- C:\Windows\SysWow64\ntoskrnl.exe
.
============= FINISH: 13:32:47.87 ===============

--------------------------------------

DDS Attach Log

---------------------------------------

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2011-08-26.01)
.
Microsoft Windows 7 Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 12/2/2011 12:41:17 AM
System Uptime: 7/31/2012 11:49:06 AM (2 hours ago)
.
Motherboard: Dell Inc. | | 0CXHNM
Processor: Intel(R) Core(TM) i7-2640M CPU @ 2.80GHz | CPU 1 | 2801/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 119 GiB total, 69.235 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP108: 6/26/2012 12:47:09 PM - Windows Update
RP109: 6/29/2012 1:29:53 PM - Windows Update
RP110: 7/3/2012 10:03:59 PM - Windows Update
RP111: 7/6/2012 10:08:51 PM - Windows Update
RP112: 7/12/2012 10:55:27 PM - Windows Update
RP114: 7/13/2012 11:13:09 AM - Windows Modules Installer
RP115: 7/13/2012 11:14:02 AM - Windows Modules Installer
RP116: 7/17/2012 9:24:35 PM - Windows Update
RP117: 7/24/2012 7:51:43 PM - Windows Update
RP119: 7/25/2012 12:46:31 AM - Windows Defender Checkpoint
RP120: 7/30/2012 1:04:37 PM - ComboFix created restore point
.
==== Installed Programs ======================
.
Update for Microsoft Office 2007 (KB2508958)
AccelerometerP11
Adobe AIR
Adobe Flash Player 11 ActiveX
Adobe Flash Player 11 Plugin
Adobe Reader X (10.1.3)
Adobe Shockwave Player 11.6
Apple Application Support
Apple Software Update
Barbarian Invasion
BlackBerry Desktop Software 6.1
Coupon Printer for Windows
Dell Resource CD
Free RAR Extract Frog
Free YouTube to MP3 Converter version 3.10.15.1228
Google Update Helper
IDT Audio
Intel(R) Management Engine Components
Intel(R) Processor Graphics
Java Auto Updater
Java(TM) 6 Update 31
Juniper Networks Host Checker
Juniper Networks Secure Application Manager
Juniper Networks Setup Client Activex Control
Juniper Networks, Inc. Setup Client
Juniper Terminal Services Client
Kernel EML Viewer ver 10.09.01
KeyTweak - Keyboard Remapper (remove only)
Malwarebytes Anti-Malware version 1.62.0.1300
Microsoft Office 2007 Service Pack 3 (SP3)
Microsoft Office Access MUI (English) 2007
Microsoft Office Access Setup Metadata MUI (English) 2007
Microsoft Office Enterprise 2007
Microsoft Office Excel MUI (English) 2007
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (English) 2007
Microsoft Office Groove Setup Metadata MUI (English) 2007
Microsoft Office InfoPath MUI (English) 2007
Microsoft Office OneNote MUI (English) 2007
Microsoft Office Outlook MUI (English) 2007
Microsoft Office PowerPoint MUI (English) 2007
Microsoft Office Proof (English) 2007
Microsoft Office Proof (French) 2007
Microsoft Office Proof (Spanish) 2007
Microsoft Office Proofing (English) 2007
Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
Microsoft Office Publisher MUI (English) 2007
Microsoft Office Shared MUI (English) 2007
Microsoft Office Shared Setup Metadata MUI (English) 2007
Microsoft Office Word MUI (English) 2007
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Mozilla Firefox 14.0.1 (x86 en-US)
Mozilla Maintenance Service
RACE 07
Realtek Ethernet Controller Driver
Realtek USB 2.0 Card Reader
Renesas Electronics USB 3.0 Host Controller Driver
Rome - Total War
Rome - Total War - Alexander
Rosetta Stone Ltd Services
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Security Update for Microsoft Office 2007 suites (KB2596666) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596672) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596744) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596785) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596792) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596871) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2596880) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597162) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2597969) 32-Bit Edition
Security Update for Microsoft Office 2007 suites (KB2598041) 32-Bit Edition
Security Update for Microsoft Office Excel 2007 (KB2597161) 32-Bit Edition
Security Update for Microsoft Office InfoPath 2007 (KB2596786) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596764) 32-Bit Edition
Security Update for Microsoft Office PowerPoint 2007 (KB2596912) 32-Bit Edition
Security Update for Microsoft Office Publisher 2007 (KB2596705) 32-Bit Edition
Security Update for Microsoft Office Word 2007 (KB2596917) 32-Bit Edition
Skype™ 5.10
Steam
SteamApp8650
swMSM
System Requirements Lab CYRI
Update for 2007 Microsoft Office System (KB967642)
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft Office 2007 Help for Common Features (KB963673)
Update for Microsoft Office Access 2007 Help (KB963663)
Update for Microsoft Office Excel 2007 Help (KB963678)
Update for Microsoft Office Infopath 2007 Help (KB963662)
Update for Microsoft Office OneNote 2007 Help (KB963670)
Update for Microsoft Office Outlook 2007 (KB2596598) 32-Bit Edition
Update for Microsoft Office Outlook 2007 Help (KB963677)
Update for Microsoft Office Outlook 2007 Junk Email Filter (KB2687310) 32-Bit Edition
Update for Microsoft Office Powerpoint 2007 Help (KB963669)
Update for Microsoft Office Publisher 2007 Help (KB963667)
Update for Microsoft Office Script Editor Help (KB963671)
Update for Microsoft Office Word 2007 Help (KB963665)
.
==== Event Viewer Messages From Past Week ========
.
7/31/2012 11:49:19 AM, Error: Service Control Manager [7023] - The Computer Browser service terminated with the following error: The specified service does not exist as an installed service.
7/31/2012 1:23:03 PM, Error: Service Control Manager [7023] - The Function Discovery Resource Publication service terminated with the following error: %%-2147024891
7/31/2012 1:23:03 PM, Error: Service Control Manager [7001] - The HomeGroup Provider service depends on the Function Discovery Resource Publication service which failed to start because of the following error: %%-2147024891
7/30/2012 12:54:29 PM, Error: Service Control Manager [7003] - The IPsec Policy Agent service depends the following service: BFE. This service might not be installed.
7/30/2012 12:54:29 PM, Error: Service Control Manager [7003] - The IKE and AuthIP IPsec Keying Modules service depends the following service: BFE. This service might not be installed.
7/30/2012 1:44:45 PM, Error: Microsoft-Windows-WER-SystemErrorReporting [1001] - The computer has rebooted from a bugcheck. The bugcheck was: 0x00000050 (0xfffff8a0001fa000, 0x0000000000000000, 0xfffff80002ce49ca, 0x0000000000000000). A dump was saved in: C:\Windows\MEMORY.DMP. Report Id: 073012-7628-01.
7/30/2012 1:09:11 PM, Error: Service Control Manager [7023] - The Windows Defender service terminated with the following error: The specified module could not be found.
7/30/2012 1:08:34 PM, Error: Service Control Manager [7030] - The PEVSystemStart service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.
7/30/2012 1:08:14 PM, Error: Application Popup [1060] - \??\C:\ComboFix\catchme.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
7/29/2012 10:07:14 PM, Error: atapi [11] - The driver detected a controller error on \Device\Ide\IdePort0.
.
==== End Of File ===========================
 
Welcome aboard


Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================

I don't see any AV program running.
Install ONE of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

====================================

Download TDSSKiller and save it to your desktop.
  • Extract (unzip) its contents to your desktop.
  • Open the TDSSKiller folder and double-click on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory (usually C:\ folder) in the form of TDSSKiller_xxxx_log.txt. Please copy and paste the contents of that file here.
 
Thanks Broni! I have no problem doing a slash & burn reinstall if it is easier, to ensure that everything is gone. Let me know if that is a good option.

Downloaded Microsoft Security Essentials. Found a ton of stuff.

Trojan:Win64/Alureon.gen!F - Quarantined
Trojan:Win32/Alureon.gen!AD - Quarantined
Trojan:DOS/Alureon.gJ - Quarantined
Trojan:Win21/Orsam!rts - Quarantined
Virus:Win64/Sirefef.B - Quarantined
Trojan:Dos/Alureon.A - Removed
Exploit:Java/CVE-2012-0507.F - Removed
Trojan:Win64/Alureon.gen!K - Removed
Exploit:Java/CVE-2010-0840.NS - Removed
Exploit:Java/CVE-2011-3544.CR - Removed
Exploit:Java/CVE-2011-3544.L - Removed
Trojan:Win64/Sirefef - Removed
Exploit:Java/CVE-2011-3544.gen!A - Removed
Trojan:Win32/Sirefef.AN - Removed
Exploit:Java/Blacole.ET - Removed
Exploit:Java/Blacole.FK - Removed
Trojan:Win64/Sirefef.AA - Removed
Exploit:Java/CVE-2010-0840.QE - Removed
Trojan:Win64/Sirefef.W - Removed
Trojan:DOS/Alureon.A - Quarantined
Trojan:Win32/Sirefef.AB - Quarantined
Trojan:Win64/Sirefef.P - Quarantined
Trojan:Win64/Sirefef.P - Quarantined
Trojan:DOS/Alureon.A - Removed
Trojan:DOS/Alureon.A - Removed

----------------------------

TDS Killer Log:

----------------------------
13:33:10.0804 4800 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
13:33:11.0100 4800 ============================================================
13:33:11.0100 4800 Current date / time: 2012/08/01 13:33:11.0100
13:33:11.0100 4800 SystemInfo:
13:33:11.0100 4800
13:33:11.0100 4800 OS Version: 6.1.7601 ServicePack: 1.0
13:33:11.0100 4800 Product type: Workstation
13:33:11.0100 4800 ComputerName: VOSTRO3350
13:33:11.0100 4800 UserName: X
13:33:11.0100 4800 Windows directory: C:\Windows
13:33:11.0100 4800 System windows directory: C:\Windows
13:33:11.0100 4800 Running under WOW64
13:33:11.0100 4800 Processor architecture: Intel x64
13:33:11.0100 4800 Number of processors: 4
13:33:11.0100 4800 Page size: 0x1000
13:33:11.0100 4800 Boot type: Normal boot
13:33:11.0100 4800 ============================================================
13:33:11.0521 4800 Drive \Device\Harddisk0\DR0 - Size: 0x1DCF856000 (119.24 Gb), SectorSize: 0x200, Cylinders: 0x3CCE, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:33:11.0521 4800 ============================================================
13:33:11.0521 4800 \Device\Harddisk0\DR0:
13:33:11.0521 4800 MBR partitions:
13:33:11.0521 4800 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
13:33:11.0521 4800 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0xEE49000
13:33:11.0521 4800 ============================================================
13:33:11.0521 4800 C: <-> \Device\Harddisk0\DR0\Partition1
13:33:11.0521 4800 ============================================================
13:33:11.0521 4800 Initialize success
13:33:11.0521 4800 ============================================================
13:33:13.0721 5588 ============================================================
13:33:13.0721 5588 Scan started
13:33:13.0721 5588 Mode: Manual;
13:33:13.0721 5588 ============================================================
 
Continued:

13:33:18.0042 5588 nvraid - ok
13:33:18.0042 5588 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
13:33:18.0058 5588 nvstor - ok
13:33:18.0058 5588 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
13:33:18.0058 5588 nv_agp - ok
13:33:18.0089 5588 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
13:33:18.0089 5588 odserv - ok
13:33:18.0089 5588 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
13:33:18.0089 5588 ohci1394 - ok
13:33:18.0104 5588 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
13:33:18.0104 5588 ose - ok
13:33:18.0120 5588 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:33:18.0120 5588 p2pimsvc - ok
13:33:18.0136 5588 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
13:33:18.0136 5588 p2psvc - ok
13:33:18.0151 5588 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
13:33:18.0151 5588 Parport - ok
13:33:18.0151 5588 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
13:33:18.0151 5588 partmgr - ok
13:33:18.0167 5588 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
13:33:18.0167 5588 PcaSvc - ok
13:33:18.0182 5588 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
13:33:18.0182 5588 pci - ok
13:33:18.0182 5588 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
13:33:18.0182 5588 pciide - ok
13:33:18.0198 5588 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
13:33:18.0198 5588 pcmcia - ok
13:33:18.0198 5588 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
13:33:18.0198 5588 pcw - ok
13:33:18.0214 5588 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
13:33:18.0229 5588 PEAUTH - ok
13:33:18.0276 5588 PeerDistSvc (b9b0a4299dd2d76a4243f75fd54dc680) C:\Windows\system32\peerdistsvc.dll
13:33:18.0292 5588 PeerDistSvc - ok
13:33:18.0323 5588 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
13:33:18.0323 5588 PerfHost - ok
13:33:18.0401 5588 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
13:33:18.0432 5588 pla - ok
13:33:18.0448 5588 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
13:33:18.0463 5588 PlugPlay - ok
13:33:18.0463 5588 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
13:33:18.0463 5588 PNRPAutoReg - ok
13:33:18.0479 5588 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
13:33:18.0479 5588 PNRPsvc - ok
13:33:18.0494 5588 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
13:33:18.0510 5588 PolicyAgent - ok
13:33:18.0510 5588 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
13:33:18.0526 5588 Power - ok
13:33:18.0541 5588 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
13:33:18.0541 5588 PptpMiniport - ok
13:33:18.0541 5588 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
13:33:18.0541 5588 Processor - ok
13:33:18.0557 5588 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
13:33:18.0557 5588 ProfSvc - ok
13:33:18.0557 5588 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:18.0557 5588 ProtectedStorage - ok
13:33:18.0572 5588 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
13:33:18.0572 5588 Psched - ok
13:33:18.0619 5588 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
13:33:18.0635 5588 ql2300 - ok
13:33:18.0682 5588 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
13:33:18.0682 5588 ql40xx - ok
13:33:18.0697 5588 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
13:33:18.0697 5588 QWAVE - ok
13:33:18.0713 5588 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
13:33:18.0713 5588 QWAVEdrv - ok
13:33:18.0713 5588 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
13:33:18.0713 5588 RasAcd - ok
13:33:18.0728 5588 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
13:33:18.0728 5588 RasAgileVpn - ok
13:33:18.0728 5588 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
13:33:18.0728 5588 RasAuto - ok
13:33:18.0744 5588 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
13:33:18.0744 5588 Rasl2tp - ok
13:33:18.0760 5588 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
13:33:18.0760 5588 RasMan - ok
13:33:18.0775 5588 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
13:33:18.0775 5588 RasPppoe - ok
13:33:18.0775 5588 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
13:33:18.0775 5588 RasSstp - ok
13:33:18.0791 5588 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
13:33:18.0791 5588 rdbss - ok
13:33:18.0791 5588 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\DRIVERS\rdpbus.sys
13:33:18.0791 5588 rdpbus - ok
13:33:18.0791 5588 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
13:33:18.0806 5588 RDPCDD - ok
13:33:18.0806 5588 RDPDR (1b6163c503398b23ff8b939c67747683) C:\Windows\system32\drivers\rdpdr.sys
13:33:18.0806 5588 RDPDR - ok
13:33:18.0822 5588 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
13:33:18.0822 5588 RDPENCDD - ok
13:33:18.0822 5588 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
13:33:18.0822 5588 RDPREFMP - ok
13:33:18.0838 5588 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
13:33:18.0838 5588 RDPWD - ok
13:33:18.0838 5588 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
13:33:18.0853 5588 rdyboost - ok
13:33:18.0884 5588 RegSrvc (189c5a8d2098e0aa14fd157a954b34fc) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
13:33:18.0884 5588 RegSrvc - ok
13:33:18.0900 5588 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
13:33:18.0900 5588 RemoteAccess - ok
13:33:18.0900 5588 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
13:33:18.0916 5588 RemoteRegistry - ok
13:33:18.0931 5588 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
13:33:18.0931 5588 RFCOMM - ok
13:33:18.0931 5588 RimUsb (ad42432d22940b4215177be113e4919c) C:\Windows\system32\Drivers\RimUsb_AMD64.sys
13:33:18.0931 5588 RimUsb - ok
13:33:18.0931 5588 RimVSerPort (4aafffa67ac4dfa3d9985d78573887e2) C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
13:33:18.0947 5588 RimVSerPort - ok
13:33:18.0947 5588 ROOTMODEM (388d3dd1a6457280f3badba9f3acd6b1) C:\Windows\system32\Drivers\RootMdm.sys
13:33:18.0947 5588 ROOTMODEM - ok
13:33:19.0009 5588 RosettaStoneDaemon (e7062dbd907e0c5ceeb5abdaf07e6b32) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
13:33:19.0040 5588 RosettaStoneDaemon - ok
13:33:19.0072 5588 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
13:33:19.0072 5588 RpcEptMapper - ok
13:33:19.0072 5588 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
13:33:19.0087 5588 RpcLocator - ok
13:33:19.0103 5588 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
13:33:19.0103 5588 RpcSs - ok
13:33:19.0118 5588 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
13:33:19.0118 5588 rspndr - ok
13:33:19.0134 5588 RSUSBSTOR (be29b0a3ac1e8bd02ffab8cee86badfa) C:\Windows\system32\Drivers\RtsUStor.sys
13:33:19.0134 5588 RSUSBSTOR - ok
13:33:19.0150 5588 RTL8167 (2777226ee8bf50b059d7a7c90177e99c) C:\Windows\system32\DRIVERS\Rt64win7.sys
13:33:19.0150 5588 RTL8167 - ok
13:33:19.0165 5588 s3cap (e60c0a09f997826c7627b244195ab581) C:\Windows\system32\drivers\vms3cap.sys
13:33:19.0165 5588 s3cap - ok
13:33:19.0165 5588 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:19.0165 5588 SamSs - ok
13:33:19.0181 5588 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
13:33:19.0181 5588 sbp2port - ok
13:33:19.0181 5588 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
13:33:19.0196 5588 SCardSvr - ok
13:33:19.0196 5588 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
13:33:19.0196 5588 scfilter - ok
13:33:19.0228 5588 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
13:33:19.0243 5588 Schedule - ok
13:33:19.0243 5588 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
13:33:19.0243 5588 SCPolicySvc - ok
13:33:19.0259 5588 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
13:33:19.0259 5588 SDRSVC - ok
13:33:19.0274 5588 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
13:33:19.0274 5588 secdrv - ok
13:33:19.0274 5588 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
13:33:19.0274 5588 seclogon - ok
13:33:19.0274 5588 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
13:33:19.0290 5588 SENS - ok
13:33:19.0290 5588 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
13:33:19.0290 5588 SensrSvc - ok
13:33:19.0290 5588 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
13:33:19.0290 5588 Serenum - ok
13:33:19.0306 5588 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
13:33:19.0306 5588 Serial - ok
13:33:19.0306 5588 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
13:33:19.0306 5588 sermouse - ok
13:33:19.0321 5588 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
13:33:19.0321 5588 SessionEnv - ok
13:33:19.0321 5588 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
13:33:19.0321 5588 sffdisk - ok
13:33:19.0337 5588 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
13:33:19.0337 5588 sffp_mmc - ok
13:33:19.0337 5588 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
13:33:19.0337 5588 sffp_sd - ok
13:33:19.0337 5588 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
13:33:19.0337 5588 sfloppy - ok
13:33:19.0352 5588 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
13:33:19.0352 5588 ShellHWDetection - ok
13:33:19.0368 5588 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
13:33:19.0368 5588 SiSRaid2 - ok
13:33:19.0368 5588 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
13:33:19.0368 5588 SiSRaid4 - ok
13:33:19.0384 5588 SkypeUpdate (ea396139541706b4b433641d62ea53ce) C:\Program Files (x86)\Skype\Updater\Updater.exe
13:33:19.0384 5588 SkypeUpdate - ok
13:33:19.0399 5588 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
13:33:19.0399 5588 Smb - ok
13:33:19.0399 5588 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
13:33:19.0399 5588 SNMPTRAP - ok
13:33:19.0399 5588 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
13:33:19.0415 5588 spldr - ok
13:33:19.0430 5588 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
13:33:19.0430 5588 Spooler - ok
13:33:19.0555 5588 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
13:33:19.0586 5588 sppsvc - ok
13:33:19.0633 5588 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
13:33:19.0633 5588 sppuinotify - ok
13:33:19.0664 5588 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
13:33:19.0664 5588 srv - ok
13:33:19.0696 5588 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
13:33:19.0696 5588 srv2 - ok
 
Continued:

13:33:19.0711 5588 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
13:33:19.0711 5588 srvnet - ok
13:33:19.0711 5588 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
13:33:19.0727 5588 SSDPSRV - ok
13:33:19.0727 5588 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
13:33:19.0727 5588 SstpSvc - ok
13:33:19.0742 5588 STacSV (a6b2ec3a2b6ad7c3f7b2f3495cade4c0) C:\Program Files\IDT\WDM\STacSV64.exe
13:33:19.0742 5588 STacSV - ok
13:33:19.0758 5588 stdcfltn (92e7f6666633d2dd91d527503daa7be0) C:\Windows\system32\DRIVERS\stdcfltn.sys
13:33:19.0758 5588 stdcfltn - ok
13:33:19.0758 5588 Steam Client Service - ok
13:33:19.0774 5588 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
13:33:19.0774 5588 stexstor - ok
13:33:19.0789 5588 STHDA (eba98394a7d58f7552c52192bd8fa7e6) C:\Windows\system32\DRIVERS\stwrt64.sys
13:33:19.0789 5588 STHDA - ok
13:33:19.0805 5588 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
13:33:19.0820 5588 stisvc - ok
13:33:19.0820 5588 storflt (7785dc213270d2fc066538daf94087e7) C:\Windows\system32\drivers\vmstorfl.sys
13:33:19.0820 5588 storflt - ok
13:33:19.0836 5588 StorSvc (c40841817ef57d491f22eb103da587cc) C:\Windows\system32\storsvc.dll
13:33:19.0836 5588 StorSvc - ok
13:33:19.0836 5588 storvsc (d34e4943d5ac096c8edeebfd80d76e23) C:\Windows\system32\drivers\storvsc.sys
13:33:19.0836 5588 storvsc - ok
13:33:19.0836 5588 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\DRIVERS\swenum.sys
13:33:19.0836 5588 swenum - ok
13:33:19.0867 5588 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
13:33:19.0867 5588 swprv - ok
13:33:19.0914 5588 SynTP (09e811486038f1c06f9e00dffaab7a4e) C:\Windows\system32\DRIVERS\SynTP.sys
13:33:19.0930 5588 SynTP - ok
13:33:20.0023 5588 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
13:33:20.0039 5588 SysMain - ok
13:33:20.0086 5588 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
13:33:20.0086 5588 TabletInputService - ok
13:33:20.0101 5588 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
13:33:20.0101 5588 TapiSrv - ok
13:33:20.0117 5588 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
13:33:20.0117 5588 TBS - ok
13:33:20.0195 5588 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
13:33:20.0210 5588 Tcpip - ok
13:33:20.0320 5588 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
13:33:20.0351 5588 TCPIP6 - ok
13:33:20.0398 5588 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
13:33:20.0398 5588 tcpipreg - ok
13:33:20.0413 5588 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
13:33:20.0413 5588 TDPIPE - ok
13:33:20.0413 5588 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
13:33:20.0413 5588 TDTCP - ok
13:33:20.0429 5588 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
13:33:20.0429 5588 tdx - ok
13:33:20.0444 5588 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\DRIVERS\termdd.sys
13:33:20.0444 5588 TermDD - ok
13:33:20.0460 5588 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
13:33:20.0476 5588 TermService - ok
13:33:20.0476 5588 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
13:33:20.0476 5588 Themes - ok
13:33:20.0491 5588 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
13:33:20.0491 5588 THREADORDER - ok
13:33:20.0491 5588 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
13:33:20.0507 5588 TrkWks - ok
13:33:20.0507 5588 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
13:33:20.0507 5588 TrustedInstaller - ok
13:33:20.0522 5588 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
13:33:20.0522 5588 tssecsrv - ok
13:33:20.0522 5588 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
13:33:20.0522 5588 TsUsbFlt - ok
13:33:20.0522 5588 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
13:33:20.0522 5588 TsUsbGD - ok
13:33:20.0538 5588 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
13:33:20.0538 5588 tunnel - ok
13:33:20.0538 5588 TurboB (fd24f98d2898be093fe926604be7db99) C:\Windows\system32\DRIVERS\TurboB.sys
13:33:20.0554 5588 TurboB - ok
13:33:20.0554 5588 TurboBoost (600b406a04d90f577fea8a88d7379f08) C:\Program Files\Intel\TurboBoost\TurboBoost.exe
13:33:20.0569 5588 TurboBoost - ok
13:33:20.0569 5588 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
13:33:20.0569 5588 uagp35 - ok
13:33:20.0585 5588 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
13:33:20.0585 5588 udfs - ok
13:33:20.0600 5588 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
13:33:20.0600 5588 UI0Detect - ok
13:33:20.0600 5588 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
13:33:20.0600 5588 uliagpkx - ok
13:33:20.0616 5588 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
13:33:20.0616 5588 umbus - ok
13:33:20.0616 5588 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
13:33:20.0616 5588 UmPass - ok
13:33:20.0632 5588 UmRdpService (a293dcd756d04d8492a750d03b9a297c) C:\Windows\System32\umrdp.dll
13:33:20.0632 5588 UmRdpService - ok
13:33:20.0725 5588 UNS (eb79c6c91a99930015ef29ae7fa802d1) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
13:33:20.0756 5588 UNS - ok
13:33:20.0803 5588 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
13:33:20.0803 5588 upnphost - ok
13:33:20.0819 5588 usbaudio (82e8f44688e6fac57b5b7c6fc7adbc2a) C:\Windows\system32\drivers\usbaudio.sys
13:33:20.0834 5588 usbaudio - ok
13:33:20.0834 5588 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\DRIVERS\usbccgp.sys
13:33:20.0834 5588 usbccgp - ok
13:33:20.0850 5588 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
13:33:20.0850 5588 usbcir - ok
13:33:20.0850 5588 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\DRIVERS\usbehci.sys
13:33:20.0850 5588 usbehci - ok
13:33:20.0866 5588 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\DRIVERS\usbhub.sys
13:33:20.0866 5588 usbhub - ok
13:33:20.0881 5588 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
13:33:20.0881 5588 usbohci - ok
13:33:20.0881 5588 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
13:33:20.0881 5588 usbprint - ok
13:33:20.0897 5588 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
13:33:20.0897 5588 USBSTOR - ok
13:33:20.0897 5588 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
13:33:20.0897 5588 usbuhci - ok
13:33:20.0912 5588 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
13:33:20.0912 5588 usbvideo - ok
13:33:20.0912 5588 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
13:33:20.0912 5588 UxSms - ok
13:33:20.0912 5588 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
13:33:20.0912 5588 VaultSvc - ok
13:33:21.0022 5588 vcsFPService (8c51e58d59cbf2639832484ec9ed8dda) C:\Windows\system32\vcsFPService.exe
13:33:21.0053 5588 vcsFPService - ok
13:33:21.0100 5588 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
13:33:21.0100 5588 vdrvroot - ok
13:33:21.0115 5588 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
13:33:21.0115 5588 vds - ok
13:33:21.0115 5588 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
13:33:21.0131 5588 vga - ok
13:33:21.0131 5588 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
13:33:21.0131 5588 VgaSave - ok
13:33:21.0146 5588 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
13:33:21.0146 5588 vhdmp - ok
13:33:21.0146 5588 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
13:33:21.0146 5588 viaide - ok
13:33:21.0162 5588 vmbus (86ea3e79ae350fea5331a1303054005f) C:\Windows\system32\drivers\vmbus.sys
13:33:21.0162 5588 vmbus - ok
13:33:21.0162 5588 VMBusHID (7de90b48f210d29649380545db45a187) C:\Windows\system32\drivers\VMBusHID.sys
13:33:21.0162 5588 VMBusHID - ok
13:33:21.0178 5588 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
13:33:21.0178 5588 volmgr - ok
13:33:21.0193 5588 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
13:33:21.0193 5588 volmgrx - ok
13:33:21.0209 5588 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
13:33:21.0209 5588 volsnap - ok
13:33:21.0209 5588 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
13:33:21.0224 5588 vsmraid - ok
13:33:21.0256 5588 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
13:33:21.0271 5588 VSS - ok
13:33:21.0318 5588 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
13:33:21.0318 5588 vwifibus - ok
13:33:21.0318 5588 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
13:33:21.0318 5588 vwififlt - ok
13:33:21.0334 5588 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
13:33:21.0334 5588 vwifimp - ok
13:33:21.0349 5588 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
13:33:21.0349 5588 W32Time - ok
13:33:21.0349 5588 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
13:33:21.0365 5588 WacomPen - ok
13:33:21.0365 5588 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:21.0365 5588 WANARP - ok
13:33:21.0365 5588 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
13:33:21.0365 5588 Wanarpv6 - ok
13:33:21.0412 5588 WatAdminSvc (3cec96de223e49eaae3651fcf8faea6c) C:\Windows\system32\Wat\WatAdminSvc.exe
13:33:21.0427 5588 WatAdminSvc - ok
13:33:21.0474 5588 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
13:33:21.0490 5588 wbengine - ok
13:33:21.0536 5588 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
13:33:21.0536 5588 WbioSrvc - ok
13:33:21.0552 5588 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
13:33:21.0552 5588 wcncsvc - ok
13:33:21.0552 5588 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
13:33:21.0552 5588 WcsPlugInService - ok
13:33:21.0568 5588 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
13:33:21.0568 5588 Wd - ok
13:33:21.0599 5588 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
13:33:21.0599 5588 Wdf01000 - ok
13:33:21.0599 5588 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:21.0599 5588 WdiServiceHost - ok
13:33:21.0614 5588 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
13:33:21.0614 5588 WdiSystemHost - ok
13:33:21.0614 5588 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
13:33:21.0630 5588 WebClient - ok
13:33:21.0630 5588 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
13:33:21.0646 5588 Wecsvc - ok
13:33:21.0646 5588 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
13:33:21.0646 5588 wercplsupport - ok
13:33:21.0661 5588 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
13:33:21.0661 5588 WerSvc - ok
13:33:21.0677 5588 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
13:33:21.0677 5588 WfpLwf - ok
13:33:21.0677 5588 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
13:33:21.0677 5588 WIMMount - ok
13:33:21.0677 5588 WinDefend - ok
13:33:21.0692 5588 WinHttpAutoProxySvc - ok
13:33:21.0708 5588 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
13:33:21.0708 5588 Winmgmt - ok
13:33:21.0770 5588 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
13:33:21.0786 5588 WinRM - ok
13:33:21.0833 5588 WinUSB (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUSB.sys
13:33:21.0833 5588 WinUSB - ok
13:33:21.0864 5588 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
13:33:21.0880 5588 Wlansvc - ok
13:33:21.0880 5588 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\DRIVERS\wmiacpi.sys
13:33:21.0880 5588 WmiAcpi - ok
13:33:21.0895 5588 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
13:33:21.0895 5588 wmiApSrv - ok
13:33:21.0911 5588 WMPNetworkSvc - ok
13:33:21.0911 5588 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
13:33:21.0911 5588 WPCSvc - ok
13:33:21.0911 5588 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
13:33:21.0926 5588 WPDBusEnum - ok
13:33:21.0926 5588 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
13:33:21.0926 5588 ws2ifsl - ok
13:33:21.0926 5588 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\system32\wscsvc.dll
13:33:21.0942 5588 wscsvc - ok
13:33:21.0942 5588 WSearch - ok
13:33:22.0020 5588 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
13:33:22.0051 5588 wuauserv - ok
13:33:22.0098 5588 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
13:33:22.0098 5588 WudfPf - ok
13:33:22.0114 5588 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
13:33:22.0114 5588 WUDFRd - ok
13:33:22.0114 5588 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
13:33:22.0129 5588 wudfsvc - ok
13:33:22.0129 5588 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
13:33:22.0129 5588 WwanSvc - ok
13:33:22.0145 5588 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
13:33:22.0145 5588 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - infected
13:33:22.0145 5588 \Device\Harddisk0\DR0 - detected Rootkit.Boot.Pihar.c (0)
13:33:22.0145 5588 Boot (0x1200) (4f4c5409fb8ce8bc483e368a2f9d13fd) \Device\Harddisk0\DR0\Partition0
13:33:22.0145 5588 \Device\Harddisk0\DR0\Partition0 - ok
13:33:22.0160 5588 Boot (0x1200) (3b340f8d1635b9cd09707069a6e16ad1) \Device\Harddisk0\DR0\Partition1
13:33:22.0160 5588 \Device\Harddisk0\DR0\Partition1 - ok
13:33:22.0160 5588 ============================================================
13:33:22.0160 5588 Scan finished
13:33:22.0160 5588 ============================================================
13:33:22.0160 5428 Detected object count: 1
13:33:22.0160 5428 Actual detected object count: 1
13:33:30.0366 5428 \Device\Harddisk0\DR0\# - copied to quarantine
13:33:30.0538 5428 \Device\Harddisk0\DR0 - copied to quarantine
13:33:31.0240 5428 \Device\Harddisk0\DR0\TDLFS\cmd.dll - copied to quarantine
13:33:31.0271 5428 \Device\Harddisk0\DR0\TDLFS\cmd64.dll - copied to quarantine
13:33:31.0286 5428 \Device\Harddisk0\DR0\TDLFS\sub.dll - copied to quarantine
13:33:31.0302 5428 \Device\Harddisk0\DR0\TDLFS\subx.dll - copied to quarantine
13:33:31.0333 5428 \Device\Harddisk0\DR0\TDLFS\drv32 - copied to quarantine
13:33:31.0895 5428 \Device\Harddisk0\DR0\TDLFS\drv64 - copied to quarantine
13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\servers.dat - copied to quarantine
13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\config.ini - copied to quarantine
13:33:31.0910 5428 \Device\Harddisk0\DR0\TDLFS\ldr16 - copied to quarantine
13:33:32.0004 5428 \Device\Harddisk0\DR0\TDLFS\ldr32 - copied to quarantine
13:33:32.0020 5428 \Device\Harddisk0\DR0\TDLFS\ldr64 - copied to quarantine
13:33:32.0020 5428 \Device\Harddisk0\DR0\TDLFS\s - copied to quarantine
13:33:32.0035 5428 \Device\Harddisk0\DR0\TDLFS\ldrm - copied to quarantine
13:33:32.0035 5428 \Device\Harddisk0\DR0\TDLFS\u - copied to quarantine
13:33:32.0051 5428 \Device\Harddisk0\DR0\TDLFS\ph.dll - copied to quarantine
13:33:32.0066 5428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - will be cured on reboot
13:33:32.0066 5428 \Device\Harddisk0\DR0 - ok
13:33:32.0066 5428 \Device\Harddisk0\DR0 ( Rootkit.Boot.Pihar.c ) - User select action: Cure
13:33:33.0642 2104 Deinitialize success
 
I have no problem doing a slash & burn reinstall if it is easier, to ensure that everything is gone. Let me know if that is a good option.
I can't make that decision for you.

If you want to continue....

  • Download RogueKiller to the desktop
  • Close all the running programs
  • Windows Vista/7 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • A report (RKreport.txt) should open. Post its content in your next reply. (RKreport could also be found on your desktop)
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again

================================

Download aswMBR to your desktop.
Double click the aswMBR.exe to run it.
If you see this question: "Would you like to download latest Avast! virus definitions?" say "Yes".
Click the "Scan" button to start scan.
On completion of the scan click "Save log", save it to your desktop and post in your next reply.

NOTE. aswMBR will create MBR.dat file on your desktop. This is a copy of your MBR. Do NOT delete it.
 
RogueKiller log:

--------------------------------

RogueKiller V7.6.4 [07/17/2012] by Tigzy
mail: tigzyRK<at>gmail<dot>com
Feedback: https://www.techspot.com/downloads/5562-roguekiller.html
Blog: http://tigzyrk.blogspot.com

Operating System: Windows 7 (6.1.7601 Service Pack 1) 64 bits version
Started in : Normal mode
User: X [Admin rights]
Mode: Scan -- Date: 08/01/2012 22:37:59

¤¤¤ Bad processes: 0 ¤¤¤

¤¤¤ Registry Entries: 3 ¤¤¤
[HJ] HKCU\[...]\Advanced : Start_ShowMyGames (0) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {59031a47-3f72-44a7-89c5-5595fe6b30ee} (1) -> FOUND
[HJ] HKLM\[...]\NewStartPanel : {20D04FE0-3AEA-1069-A2D8-08002B30309D} (1) -> FOUND

¤¤¤ Particular Files / Folders: ¤¤¤
[ZeroAccess][FOLDER] U : c:\windows\installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\U --> FOUND
[ZeroAccess][FOLDER] L : c:\windows\installer\{527fca17-bc25-e78a-abbc-374ecbbce2fb}\L --> FOUND

¤¤¤ Driver: [NOT LOADED] ¤¤¤

¤¤¤ Infection : ZeroAccess ¤¤¤

¤¤¤ HOSTS File: ¤¤¤


¤¤¤ MBR Check: ¤¤¤

+++++ PhysicalDrive0: SAMSUNG 470 Series SSD ATA Device +++++
--- User ---
[MBR] a6ce6e5e06cefd1c5695d50012a18463
[BSP] 1d037d5f9407711766fc75e1321fc18b : Windows 7 MBR Code
Partition table:
0 - [ACTIVE] NTFS (0x07) [VISIBLE] Offset (sectors): 2048 | Size: 100 Mo
1 - [XXXXXX] NTFS (0x07) [VISIBLE] Offset (sectors): 206848 | Size: 122002 Mo
User = LL1 ... OK!
User = LL2 ... OK!

Finished : << RKreport[2].txt >>
RKreport[1].txt ; RKreport[2].txt



-------------------------------

aswMBR log

-------------------------------

aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-01 22:40:04
-----------------------------
22:40:04.253 OS Version: Windows x64 6.1.7601 Service Pack 1
22:40:04.253 Number of processors: 4 586 0x2A07
22:40:04.253 ComputerName: VOSTRO3350 UserName:
22:40:04.415 Initialize success
22:41:03.122 AVAST engine defs: 12080101
22:41:09.154 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
22:41:09.159 Disk 0 Vendor: SAMSUNG_470_Series_SSD AXM08B1Q Size: 122104MB BusType: 11
22:41:09.165 Disk 0 MBR read successfully
22:41:09.171 Disk 0 MBR scan
22:41:09.181 Disk 0 Windows 7 default MBR code
22:41:09.187 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
22:41:09.225 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 122002 MB offset 206848
22:41:09.260 Disk 0 scanning C:\Windows\system32\drivers
22:41:14.094 Service scanning
22:41:26.139 Modules scanning
22:41:26.144 Disk 0 trace - called modules:
22:41:26.148
22:41:26.321 AVAST engine scan C:\Windows
22:41:27.501 AVAST engine scan C:\Windows\system32
22:43:13.666 AVAST engine scan C:\Windows\system32\drivers
22:43:20.314 AVAST engine scan C:\Users\X
22:44:03.794 AVAST engine scan C:\ProgramData
22:44:12.216 Scan finished successfully
22:44:25.394 Disk 0 MBR has been saved successfully to "C:\Users\X\Desktop\MBR.dat"
22:44:25.400 The log file has been saved successfully to "C:\Users\X\Desktop\aswMBR.txt"
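
Added example, not part of the original thread and not code from any of the tools used in it: a check of a saved MBR copy such as MBR.dat against the partition table that the RogueKiller and aswMBR logs above both report (NTFS 0x07 at sectors 2048 and 206848). It assumes MBR.dat is a raw 512-byte sector image; the function names and both sample images are constructed for illustration.

```python
import struct
import sys

SECTOR = 512
# (type, start sector) pairs printed by both logs above for this disk.
LOGGED_LAYOUT = {(0x07, 2048), (0x07, 206848)}

def parse_mbr(sector):
    """Return (signature_ok, partitions) for a 512-byte MBR image."""
    if len(sector) != SECTOR:
        raise ValueError(f"expected {SECTOR} bytes, got {len(sector)}")
    partitions = []
    for i in range(4):
        entry = sector[446 + 16 * i:462 + 16 * i]
        # status, CHS start (skipped), type, CHS end (skipped), start LBA, sector count
        status, ptype, lba, count = struct.unpack("<B3xB3xII", entry)
        if ptype == 0:
            continue  # unused slot
        partitions.append({"index": i, "status": status, "type": ptype,
                           "offset": lba, "size_mb": count * SECTOR // 2**20})
    return sector[510:512] == b"\x55\xaa", partitions

def review(sector, expected=LOGGED_LAYOUT):
    """List deviations from the expected partition layout."""
    signature_ok, parts = parse_mbr(sector)
    findings = [] if signature_ok else ["missing 0x55AA boot signature"]
    if sum(p["status"] == 0x80 for p in parts) != 1:
        findings.append("expected exactly one active partition")
    for p in parts:
        if p["status"] not in (0x00, 0x80):
            findings.append(f"partition {p['index']}: invalid status 0x{p['status']:02X}")
        if (p["type"], p["offset"]) not in expected:
            findings.append(f"partition {p['index']}: unexpected type 0x{p['type']:02X} "
                            f"at sector {p['offset']}")
    return findings

def build_sample(entries):
    """Constructed MBR with zeroed boot code; entries are (status, type, lba, count)."""
    table = b"".join(struct.pack("<B3xB3xII", *e) for e in entries)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

# Constructed samples: the layout from the logs, and one with an extra active entry.
CLEAN = build_sample([(0x80, 0x07, 2048, 204800), (0x00, 0x07, 206848, 249860096)])
ALTERED = build_sample([(0x00, 0x07, 2048, 204800), (0x00, 0x07, 206848, 249860096),
                        (0x80, 0x17, 250066944, 2048)])

if __name__ == "__main__":
    data = open(sys.argv[1], "rb").read(SECTOR) if len(sys.argv) > 1 else CLEAN
    for p in parse_mbr(data)[1]:
        print(p)
    print(review(data) or "layout matches the logged partition table")
```

Run with the path to the saved copy as the only argument; with no argument it reviews the constructed clean sample.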
 
For x32 (x86) bit systems download Farbar Recovery Scan Tool 32-Bit and save it to a flash drive.
For x64 bit systems download Farbar Recovery Scan Tool 64-Bit and save it to a flash drive.

Plug the flash drive into the infected PC.

Enter System Recovery Options.

To enter System Recovery Options from the Advanced Boot Options:
  • Restart the computer.
  • As soon as the BIOS is loaded begin tapping the F8 key until Advanced Boot Options appears.
  • Use the arrow keys to select the Repair your computer menu item.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

To enter System Recovery Options by using Windows installation disc:
  • Insert the installation disc.
  • Restart your computer.
  • If prompted, press any key to start Windows from the installation disc. If your computer is not configured to start from a CD or DVD, check your BIOS settings.
  • Click Repair your computer.
  • Select US as the keyboard language settings, and then click Next.
  • Select the operating system you want to repair, and then click Next.
  • Select your user account and click Next.

On the System Recovery Options menu you will get the following options:

    • Startup Repair
    • System Restore
    • Windows Complete PC Restore
    • Windows Memory Diagnostic Tool
    • Command Prompt
  • Select Command Prompt
  • In the command window type in notepad and press Enter.
  • The notepad opens. Under File menu select Open.
  • Select "Computer" and find your flash drive letter and close the notepad.
  • In the command window type e:\frst.exe (for x64 bit version type e:\frst64) and press Enter
    Note: Replace letter e with the drive letter of your flash drive.
  • The tool will start to run.
  • When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will make a log (FRST.txt) on the flash drive. Please copy and paste it to your reply.

Next...

Re-run FRST again.
Type the following in the edit box after "Search:".

services.exe

Click Search button and post the log (Search.txt) it makes in your reply.

I'll expect two logs:
- FRST.txt
- Search.txt
 
Broni, given that my flight is tomorrow I did a quick inventory of my computer, realized I needed to save little if any of the files, and did a slash and burn reinstall.

Many, MANY thanks for helping with your time and effort. I really appreciated it and cannot thank you enough.
 